03-11-2009 09:27 AM - edited 03-06-2019 04:31 AM
All,
I've got a host connected to my 3750 stack. The core router also connects to this stack. If I run wireshark on this host and traceroute to the core router, I get "Time-to-live-exceeded (Time to live exceeded in transit)" in wireshark.
The switch has vlans on it, but the native vlan is what I'm connected to. I've attached the exported wireshark trace. I really hope someone can help on this.
Thanks,
John
Solved! Go to Solution.
03-11-2009 09:55 AM
I think that's how traceroute to work.
Host will set TTL=1 for first ping packet, then TTL=2 and so on... so that the devices in the path will reply with TTL exceeded. Then Host can know each hop's IP address based on those TTL exceeded packet.
Host will send 3 packet per TTL value and you should get 3 TTL exceed packet back per hop.
03-11-2009 09:42 AM
John
I have looked through the trace file and am not seeing much there that points to an explanation. It might be helpful if you would post the output of an attempt to tracert to that address that is failing.
The symptoms look like somewhere there is a routing loop trying to get to that destination address. So perhaps the output of show ip route from your 3750 might also be helpful.
HTH
Rick
03-11-2009 09:55 AM
I think that's how traceroute to work.
Host will set TTL=1 for first ping packet, then TTL=2 and so on... so that the devices in the path will reply with TTL exceeded. Then Host can know each hop's IP address based on those TTL exceeded packet.
Host will send 3 packet per TTL value and you should get 3 TTL exceed packet back per hop.
03-11-2009 10:12 AM
You are correct. I've always thought that the TTL was set and then was decremented, but it doesn't work the same is an IP packet. It does send the first hop, the first hop sends a TTL exceeded back, and it continues this to 30 hops.
Thanks for the info!
John
03-11-2009 09:58 AM
Rick,
The network is directly connected to the 3750:
Routing entry for 10.125.100.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Advertised by bgp 65505
Routing Descriptor Blocks:
* directly connected, via Vlan1
Route metric is 0, traffic share count is 1
I'm not sure what you mean by an address that's failing. One that's non-existent? Anything that goes through the switch from two different hosts on two different switches (my host connected to an edge switch, and a host that's connected directly into the 3750) exhibit the same problem.
The first hop from my box to the router is set to a TTL of 1. It hits the switch and the switch expires it. It does this 3 times, and then my host sets the TTL to 2. Very odd.
I didn't post my whole routing table because I have a ton of bgp routes. (We run bgp on our core switch also.)
Thanks,
John
03-11-2009 10:33 AM
John
Clearly this is a case where I got so busy looking at the details that I did not think about the context and what is really going on. Clearly Kevin hit the nail on the head that this is the expected behavior of traceroute/tracert.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: